| Scholarship for Service: IA Tutorials and Workshops for Educators |
MAR 2005 |
27 pages |
| Authors:
Cynthia E. Irvine; Naomi B. Falby; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
 | In 2003 and 2004 the Center for Information Systems Security Studies and Research (CISR) at the Naval Postgraduate School organized tutorials and workshops with the intent of increasing the capacity of the United States higher education enterprise to produce professionals in the fields of Information Assurance (IA) and computer security. The target audience of the workshops has been 2-year college, 4-year college, and university-level educators who have responsibility for teaching ... |
|
| Expressing an Information Security Policy Within A Security Simulation Game |
14 JUL 2004 |
8 pages |
| Authors:
Cynthia E. Irvine; Michael F. Thompson; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional computer science, is extended by a progression of specialized courses and a broad set of information assurance research projects. A CISR objective has been improvement of information assurance education and training for the U.S. military and ... |
|
| Subversion as a Threat in Information Warfare |
JUN 2004 |
13 pages |
| Authors:
Emory A. Anderson; Cynthia E. Irvine; Roger R. Schell; SPACE AND NAVAL WARFARE SYSTEMS CENTER NORTH CHARLESTON SC
|
| As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security incidents, it is shown that means, motive, and opportunity exist for subversion, that this threat is real, and that it represents a significant vulnerability. Mitigation of the subversion threat touches the most fundamental aspect of the security problem: proving the ... |
|
| Teaching Objectives of a Simulation Game for Computer Security |
27 JUN 2003 |
16 pages |
| Authors:
Cynthia E. Irvine; Michael Thompson; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| This paper describes a computer simulation game being developed to teach computer security principles. The player of the game constructs computer networks and makes choices affecting the ability of these networks and the game's virtual users to protect variable assets from attack by both vandals and well-motivated professionals. The game introduces the player to the need for well formed information security policies, allowing the player to deploy a variety of ... |
|
| Execution Policies Research and Implementation |
FEB 2003 |
13 pages |
| Authors:
Paul C. Clark; Timothy E. Levin; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| This research studied the application of a software-based ring execution policy, the type of which has previously been implemented via hardware mechanisms, to an open source operating system. Such an execution policy is orthogonal to, and may he used in conjunction with, other mandatory (viz, secrecy, integrity) and discretionary policies. It allows processes running with otherwise similar privileges (such as the root user or secrecy attributes) to be differentiated with ... |
|
| Emergency Response for Cyber Infrastructure Management |
FEB 2003 |
9 pages |
| Authors:
George W. Dinolt; Cynthia E. Irvine; Timothy E. Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| The objective of this research is to investigate architectural mechanisms to provide an emergency response capability for Cyber Infrastructure management through the use of distributed, highly secure, protected domains. Instead of creating a costly physically separate cyber domain, logical separation is used. This work developed an architecture and prototype demonstration in the context of an open source operating system. |
|
| Diamond HASP Trusted Computing Exemplar |
SEP 2002 |
14 pages |
| Authors:
Cynthia E. Irvine; Timothy E. Levin; George W. Dinolt; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| The National Information Infrastructure is weak; there are no high security, high assurance, off-the-shelf products available that can be used to strengthen it; and the National capability to design and construct such trusted computer systems and networks has atrophied. The purpose of the Trusted Computing Exemplar project is to provide a worked example to show how trusted computing systems and components can be constructed. A prototype high assurance development framework ... |
|
| Demonstration of Quality of Security Service Awareness for IPsec |
SEP 2002 |
37 pages |
| Authors:
Evdoxin Spyropoulou; Timothy E. Levin; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| Quality of Security Service (QoSS) refers to the ability to provide security services according to user and system preferences, policies and conditions. Thus, security can be managed as a responsive "service" for which quantitative measurement of service "efficiency" is possible. We present our demonstration of how a specific underlying security mechanism, IPsec, can be modulated to provide different levels for security in response to changing QoSS requirements. |
|
| Diamond High Assurance Security Program: Trusted Computing Exemplar |
SEP 2002 |
14 pages |
| Authors:
Cynthia E. Irvine; Timothy E. Levin; George W. Dinolt; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| Over the past decade, the U.S. Government has not been significantly involved in high assurance Trusted Computing acquisitions and research. During this time, the Government's focus on commercial off the shelf procurements helped to fuel explosive advances in commercial technology, but it also contributed to the lack of progress in the ability of commercial systems to appropriately protect themselves and the data with which they are entrusted. While industry has ... |
|
| A National Trusted Computing Strategy |
MAY 2002 |
17 pages |
| Authors:
Cynthia E. Irvine; Timothy E. Levin; George W. Dinolt; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| Through neglect, the national capability to design and construct trusted computers and networks has begun to atrophy. Not only has the information infrastructure been built weakly, but also our capability to strengthen it continues to decline. The Nation is now lacking in both the research and development talent to produce trusted computing systems and the educational infrastructure to create this talent. The Center for INFOSEC Studies and Research (CISR) in ... |
|
| MYSEA Security Architecture |
MAY 2002 |
25 pages |
| Authors:
Cynthia E. Irvine; David J. SHifflett; Paul C. Clark; Timothy E. Levin; George W. Dinolt; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| We describe an innovative architecture consisting of trusted security services and integrated operating system mechanisms for the protection of distributed multi-domain computing environments from malicious code and other attacks. These security services and mechanisms extend and interoperate with existing workstations, applications and open source operating systems, providing new capabilities for composing secure distributed systems using commercial off- the-shelf (COTS) components. The latter construct results from the realization that unless a ... |
|
| KeyNote Policy Files and Conversion to Disjunctive Normal Form for Use in IPsec |
JAN 2002 |
50 pages |
| Authors:
Evdoxia Spyropoulou; Timothy E. Levin; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| We describe a utility for converting a KeyNote policy file to Disjunctive Normal Form, so that it can be further utilized in our research on Quality of Security Service for IPsec. We also provide background information on KeyNote and IPsec, on the Disjunctive Normal Form of logical expressions, as well as on the lex and yacc tools employ by our utility. |
|
| An Approach to Security Requirements Engineering for a High Assurance System |
2002 |
22 pages |
| Authors:
Cynthia E. Irvine; Timothy Levin; Jeffery D. Wilson; David Shifflett; Barbara Pereira; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| Requirements specifications for high assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is designed to be secure yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model ... |
|
| A Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems |
2002 |
24 pages |
| Authors:
Cynthia E. Irvine; Timothy E . Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| The need to provide standard commercial-grade productivity applications as the general purpose user interface to high-assurance data processing environments is compelling, and has resulted in proposals for several different types of "trusted" systems. We characterize some of these systems as a class of architecture. We discuss the general integrity property that systems can only be trusted to manage modifiable able data whose integrity is at or below that of their ... |
|
| Data Integrity Limitations in Highly Secure Systems |
01 MAR 2001 |
8 pages |
| Authors:
Cynthia E. Irvine; Timothy E. Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| We discuss a class of computer/network architectures that supports multilevel security while utilizing commercial-off-the-shelf (COTS) workstations and COTS productivity software applications. We show that a property of these architectures is that, while supporting multilevel confidentiality policies, they do not generally support partially ordered integrity policies: specifically, these architectures do not support the maintenance of data that is higher in integrity than the integrity level of the COTS components. |
|
| Data Integrity Limitations in Hybrid Security Architectures |
DEC 2000 |
22 pages |
| Authors:
Cynthia E. Irvine; Timothy E. Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| We discuss a class of computer/network architectures that supports multilevel security and commercial applications, while utilizing primarily commercial-off-the-shelf (COTS) workstations, operating systems and hardware components. We show that a property of these architectures is that, while they are capable of supporting multilevel confidentiality policies, they do not generally support partially ordered integrity policies: specifically, these architectures do not support the maintenance of data that is higher in integrity than the ... |
|
| Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor |
AUG 2000 |
17 pages |
| Authors:
John S. Robin; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| A virtual machine monitor (VMM) allows multiple operating systems to run concurrently on virtual machines (VMs) on a single hardware platform. Each VM can be treated as an independent operating system platform. A secure VMM would enforce an overarching security policy on its VMs. The potential benefits of a secure VMM for PCs include: a more secure environment, familiar COTS operating systems and applications, and enormous savings resulting from the ... |
|
| Management System for Heterogeneous Networks Final Repor. Volume 1: Project Summary and Papers (Part A) |
14 APR 2000 |
383 pages |
| Authors:
Cynthia E. Irvine; H. J. Siegel; Viktor Prasanna; Debra Hensgen; Timothy Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| The goal of the MSHN Project was to explore the application of adaptive and heuristic matching and scheduling techniques, and modem distributed security methods, to a distributed heterogeneous resource management system (RMS) which allows system resources to be accessed by both MSHN-controlled and extemal applications. This document provides both a high-level overview of the MSHN technical program and a reference guide to the MSHN research papers ... |
|
| Management System for Heterogeneous Networks Final Report. Volume 1: Project Summary and Papers (Part B) |
14 APR 2000 |
403 pages |
| Authors:
Cynthia E. Irvine; H. J. Siegel; Viktor Prasanna; Debra Hensgen; Timothy Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| Enforcement of a high-level statement of security policy may be difficult to discern when mapped through functional requirements to a myriad of possible security services and mechanisms in a highly complex, networked environment. A method for articulating network security functional requirements, and their fulfillment, is presented. Using this method, security in a quality of service frame. work is discussed in terms of "variant" security mechanisms and ... |
|
| Quality of Security Service Costing Demonstration for the MSHN Project |
APR 2000 |
65 pages |
| Authors:
Evdoxia Spyropoulou; Timothy Levin; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| Security requirements for a task, system or network may permit the selection of a range of underlying services or security behaviors. When a range of services is available, variant security is possible. Variant security permits the notion of Quality of Security Service (QoSS) to be introduced. This paper describes a quality of security service demonstration, specifically with respect to costing. We describe the network as having three ... |
|
| The Effects of Security Choices and Limits in a Metacomputing Environment |
31 JAN 2000 |
19 pages |
| Authors:
Cynthia E. Irvine; Timothy E. Levin; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| It is anticipated that the introduction of metacomputing and distributed resource management mechanisms to the Internet and World Wide Web will make available to users and applications a large diversity of previously unavailable network and computing resources. New methods of managing the scheduling and allocation of distributed resources bring into focus new problems and approaches for managing security in those contexts. We present an analysis ... |
|
| An Approach to Characterizing Resource Usage and User Preferences in Benefit Functions |
15 JUN 1999 |
15 pages |
| Authors:
Timothy Levin; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| An approach is described for representing the level of resources consumed by jobs under the control of a Resource Management System, and it is shown how this measurement of resource usage can be combined with a notion of user preferences to reflect a restrictive resource-usage policy for network management. |
|
| The Reference Monitor Concept as a Unifying Principle in Computer Security Education |
JUN 1999 |
12 pages |
| Authors:
Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| For over twenty-five years the Reference Monitor Concept has proved itself to be a useful tool for computer security practioners. It can also be used as a conceptual tool in computer security education. This paper describes a computer security education at the Naval Postgraduate School that has used the Reference Monitor concept as a unifying principle for courses laboratory work and student research. The intent of the program is to ... |
|
| Amplifying Security Education in the Laboratory |
JUN 1999 |
9 pages |
| Authors:
Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| Computer and network security have become concerns for enterprises ranging from sole proprietorships run from home offices to global corporations and government agencies with hundred of thousands of employees. These concerns are reflected in the growing demand for computer security professionals to design, manage, and administer systems. Here a case is built for significant use of laboratory work to complement classroom and reading activities in computer security education. |
|
| A Multi-Threading Architecture for Multilevel Secure Transaction Processing |
MAY 1999 |
16 pages |
| Authors:
Haruna R. Isa; William R. Shockley; Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| A TCB and security kernel architecture for supporting multi-threaded, queue-driven transaction processing applications in a multilevel secure environment is presented. Our design exploits hardware security features of the Intel 80x86 processor family. Intel's CPU architecture provides hardware with two distinct descriptor tables. We use one of these in the usual way for process isolation. For each process, the descriptor table holds the descriptors of "system-low" segments, such as code segments, ... |
|
| The Benefits of Student Research in Information Systems Security Education |
MAY 1999 |
6 pages |
| Authors:
Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| In ten to fifteen years, computers will be even more ubiquitous than they are today. Computer security will remain an important hidden factor in maintaining personal privacy, enterprise competitiveness, and national security Academe will need new teachers to conduct research and lead students into the unknown. Industry will need individuals who can address enterprise-level information systems security problems. Research-based academic efforts foster the atmosphere in which we can nurture those ... |
|
| High Assurance Multilevel Services for Off-The-Shelf Workstation Applications |
OCT 1998 |
12 pages |
| Authors:
Cynthia E. Irvine; James P. Anderson; Dion A. Robb; Jason Hackerson; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| The need for multilevel secure (MLS) systems still exists yet, the popularity of desktop systems has resulted in the imposition of new requirements. To be useful, a system must employ commercial-off-the-shelf (COTS) operating systems and office productivity software. We describe the preliminary architecture for a COTS-driven local area network that will provide MLS services to users while permitting them to employ standard office productivity tools on standard workstations. Our ongoing ... |
|
| Roundhouse: A Security Architecture for Active Networks |
15 MAY 1998 |
28 pages |
| Authors:
Cynthia E. Irvine; William R. Shockley; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| We describe a high-assurance framework for networked clients and servers. Called Roundhouse consists of the following elements: (1) Pinkerton, a comprehensive model for the implementation of distributed protection domains that provide for robust protection in a networked environment; (2) Iron Horse: Functional and security design of a kernelized host providing essential ring- based protection, packet authentication, and cryptography services for higher layers. (3) DEPOT: Specification, design, and prototype implementation on ... |
|
| An Information Security Education Initiative for Engineering and Computer Science |
01 DEC 97 |
31 pages |
| Authors:
Shiu Kai Chin; Cynthia E. Irvine; Deborah Frincke; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
| This paper puts forward a case for an educational initiative in information security at both the undergraduate and graduate levels. Its focus is on the need for such education, the desired educational outcomes, and how the outcomes may be assessed. A basic thesis of this paper is that the goals, methods, and evaluation techniques of information and computer security are consistent with and supportive of the stated goals of engineering ... |
|
| Teaching Introductory Computer Security at a Department of Defense University |
02 APR 97 |
387 pages |
| Authors:
Cynthia E. Irvine; Roger Stemp; Daniel F. Warren; NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
|
| The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) has developed an instructional program in computer security. Its objective is to insure that students not only understand practical aspects of computer security associated with current technology, but also learn the fundamental principles that can be applied to the development of systems for which high confidence in policy enforcement can be achieved. Introduction to Computer ... |
|
| Application of Acoustic Signal Processing Techniques to Seismic Data |
30 JUN 1977 |
|
| Authors:
Cynthia E. Irvine; NAVAL POSTGRADUATE SCHOOL MONTEREY CA
|
 | In order to obtain an effective discriminant between earthquakes and explosions, techniques which originally had been developed for acoustic signal processing have been applied to seismic data. These techniques include Fourier analysis and related applications software as well as interactive graphics displays of the data. A numeric has been obtained which may provide a useful discriminant between earthquakes and explosions. In conjunction with this investigation, a large amount of seismic ... |
|
Reports by Author
